
Yeah... isn't one benefit of a YubiKey that a secret must be acquired by some very physical and intentional means? If my laptop/password is compromised, then they still can't log in because they need my secret token from the YubiKey. Well, if having that secret token is just one curl call away if they're on the same network, then it's no longer a very physical and intentional safeguard.

I know... layers of unlikelihood.. but I'd probably opt for a physical "good button" gapped from my computer as sort of a closed electrical extension of my finger.


